Vulnerability Description
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gain privileges.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 7.0 |
References
- http://dev2dev.bea.com/pub/advisory/146PatchVendor Advisory
- http://secunia.com/advisories/17138Third Party Advisory
- http://www.securityfocus.com/bid/15052Third Party AdvisoryVDB Entry
- http://dev2dev.bea.com/pub/advisory/146PatchVendor Advisory
- http://secunia.com/advisories/17138Third Party Advisory
- http://www.securityfocus.com/bid/15052Third Party AdvisoryVDB Entry
FAQ
What is CVE-2005-4756?
CVE-2005-4756 is a vulnerability with a CVSS score of 7.5 (HIGH). BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gai...
How severe is CVE-2005-4756?
CVE-2005-4756 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4756?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.